“An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server,” the advisory states.

It adds that the attack can only be performed if both the client and server are vulnerable, which will be the case if servers are running OpenSSL 1.0.1 or 1.0.2-beta1.

“Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution,” the notice says.

Kikuchi helped to produce a fix for the problem that was finalised by Stephen Henson of the OpenSSL core team and is available to download and install.

“The biggest reason why the bug hasn’t been found for over 16 years is that code reviews were insufficient, especially from experts who had experiences with TLS/SSL implementation,” he wrote.

“If the reviewers had enough experiences, they should have verified OpenSSL code in the same way they do their own code and they could have detected the problem.”

Nicholas Percoco, vice president of strategic services at security firm Rapid7, said that given most servers had been upgraded to the most recent version after Heartbleed, millions could be affected by this latest threat.

"The newly disclosed man-in-the-middle vulnerability disclosed in OpenSSL affects all client applications and devices that run OpenSSL when communicating to vulnerable servers of specific versions, but includes the most recent.

"This likely contains the majority of systems on the internet given most rushed to upgrade OpenSSL after the Heartbleed disclosure in early April of this year.”